Understanding chatbot safety: Risks to consider – ExpressVPN

Welcome to the forefront of conversational AI as we explore the fascinating world of AI chatbots in our dedicated blog series. Discover the latest advancements, applications, and strategies that propel the evolution of chatbot technology. From enhancing customer interactions to streamlining business processes, these articles delve into the innovative ways artificial intelligence is shaping the landscape of automated conversational agents. Whether you’re a business owner, developer, or simply intrigued by the future of interactive technology, join us on this journey to unravel the transformative power and endless possibilities of AI chatbots.
WIN FIFA World Cup™ tickets! Raffle closes in:
WIN FIFA World Cup 2026™ tickets! Enter now
One subscription gives you access to a fast-growing suite of privacy and security tools that work seamlessly together to improve your digital life.
ExpressVPN for Teams Get fast, secure VPN protection for growing teams. Easy to deploy, simple to manage, built to scale.
ExpressVPN Industry-leading, ultra-fast VPN with secure servers in 105 countries.
ExpressMailGuard Private email relay service to protect your inbox and identity.
ExpressKeys Secure password management, multi-factor authentication, and more.
ExpressAI The first consumer AI powered by confidential computing for privacy-led intelligence.
Identity Defender Powerful suite of ID protection, monitoring, and data removal tools
Other products from the family behind ExpressVPN
holiday.com eSIM Unlimited data with a single eSIM across 150+ destinations.
Intego Award-winning macOS antivirus, firewall, system tools, and more.
Chatbots have become ubiquitous across the internet. They answer customer service questions, help with complex questions, streamline tasks at work, and assist with everything from writing emails to filing taxes. However, as these tools become more woven into everyone’s daily life, it’s important to ask whether they’re safe to use.
The short answer is that it depends on various factors, such as the provider of the chatbot, what information you’re sharing with it, and whether your chats are used as training data for AI models. This article explores the benefits of AI chatbots, the risks to watch out for, and what you shouldn’t share so you can use these tools without putting yourself at unnecessary risk.
Chatbots collect, store, and, in many cases, use your conversation data. Before you type anything into a chat window, it helps to know what can go wrong.
Your conversations with chatbots are typically stored, and that stored data could become a target. In 2025, a flaw in the McDonald’s AI recruitment chatbot McHire allowed researchers to access data from over 64 million job applicants because administrator access was gated behind the default password of “123456.”
Additionally, Concentric AI’s 2H 2025 Data Risk Report found that, across its customer sample, Microsoft Copilot accessed an average of almost three million sensitive data records per organization during the first half of 2025, meaning a breach could potentially have catastrophic privacy consequences.
Many major AI chatbots operate on opt-out privacy systems by default, meaning your conversations and any personal information within them get stored and used to train the model unless you explicitly choose not to. What’s more, the opt-out option is sometimes hard to find and might not be labeled intuitively. Many users aren’t even aware that their information is stored.
Overall, it’s important to know that when you input sensitive personal information into a chatbot, it may be retained, reviewed by human moderators, or used to train future models.
Infographics explaining the risks associated with AI chatbots
Criminals can create fake chatbots that impersonate customer support agents, financial institutions, retailers, or other trusted organizations in an attempt to steal personal information, login credentials, or payment details.
AI-powered chatbots are also making phishing and social engineering scams more convincing. Instead of relying on generic messages, scammers can use chatbots to generate realistic conversations, answer victims’ questions in real time, and tailor their tactics to specific targets.
Among the major concerns with AI chatbots is that their answers aren’t always accurate, and they often generate plausible-sounding but factually incorrect information and present it with complete confidence. These responses are known as AI hallucinations.
Someone who isn’t familiar with the information being presented may assume it’s correct, which can be especially dangerous if it involves legal or medical advice, for example. This is why it’s always important to be cautious instead of trusting AI answers completely.
Beyond data collection practices and user behavior, a risk with using chatbots is that they may have inherent vulnerabilities if they aren’t well-built and maintained. The key ones are listed below.
A failure to implement proper encryption for data in transit or at rest can leave user conversations vulnerable to interception.
A noteworthy example of this was when cybersecurity researchers exposed a major flaw where OpenAI’s official ChatGPT app for macOS was initially storing local user chat histories as unencrypted plain text on Apple computers, bypassing standard app sandboxing protections. Since sandboxing is among the key ways macOS maintains security, this left users’ chat histories vulnerable to any malicious processes on the system. Once discovered, the vulnerability was swiftly fixed by OpenAI.
If chatbot administrative dashboards lack strong access controls like multi-factor authentication (MFA), a single compromised account can give an attacker access to large amounts of user data. The clearest example of this is the aforementioned McHire chatbot.
Some platforms retain conversation data far longer than necessary or store it in unsecured cloud environments. When proper data security isn’t configured, any outsider could potentially access unprotected user information.
This is the exact flaw that led to the massive exposure involving the Chat & Ask AI app, where a researcher easily accessed 300 million private user messages from over 25 million users due to a Google Firebase misconfiguration.
Read more: What is a prompt injection attack, and how can it be prevented?
It’s important to know what not to share with chatbots whose provider may have access to your conversations (which are many commonly used chatbots): here are some key things to avoid.
Never type a password, PIN, or security code into a chatbot. Legitimate services will never ask for them, and a chatbot that does should be treated with suspicion. If these credentials are exposed, attackers could use them to access your accounts, steal personal information, or bypass other security measures.
Do not share bank account numbers, credit card details, tax identification numbers, or any other sensitive financial data with chatbots. In general, it’s fine to use a legitimate chatbot for general financial tips and guidance on money management, but you should avoid adding any potentially sensitive financial information to the conversation.Infographic highlighting the information users shouldn't share with chatbots.
A 2026 King’s College London Policy Institute report, based on a Focaldata survey of 2,093 UK adults, found that 15% of respondents had used AI chatbots for health advice instead of contacting a GP. Aside from the risk of chatbots sharing inaccurate health advice, there’s a significant privacy risk too, because conversations with AI chatbots aren’t generally private and legally protected the way conversations with healthcare professionals are.
Some people also use therapy or mental health chatbots for emotional support. While these tools may provide comfort or general guidance, they can also give inappropriate advice, reinforce unhealthy beliefs, or fail to recognize when a user needs professional help. These conversations also often involve highly sensitive personal information, so users should consider the privacy implications before sharing any mental health concerns with a chatbot.
Employees who paste internal strategy documents, client data, source code, or unreleased product details into a chatbot that’s not private by design risk exposing it.
This is exactly what happened when Samsung’s semiconductor division allowed engineers to use ChatGPT. Within weeks of granting access, employees had inadvertently leaked proprietary information to the platform on at least three separate occasions. The compromised data included sensitive source code, internal meeting recordings, and confidential hardware data.
Reputable chatbot platforms have various security measures that help reduce the risks discussed above, and understanding these helps users know what to look for when choosing a chatbot.
AI-powered chatbots from established providers use HTTPS and encrypt data during transmission using Transport Layer Security (TLS), meaning all communications between your device and the chatbot are encrypted. They also provide encryption at rest using industry-standard 256-bit Advanced Encryption Standard (AES-256) encryption.
Responsible chatbot providers conduct regular security audits and penetration testing to ensure their security standards are always up-to-date. Some, like OpenAI, also have bug bounty programs that reward white-hat hackers for ethical and good-faith security testing if they can discover any vulnerabilities within their systems.
Reputable AI chatbot platforms also comply with critical data protection regulations such as the General Data Protection Regulation (GDPR) and various others like System and Organization Controls 2 (SOC 2), SOC 3, and more. They typically maintain trust portals or trust centers, where users can review documentation and find out which regulations the chatbot is compliant with.
Major AI providers include content moderation systems designed to block harmful outputs and detect unusual patterns of use, and they can even suspend accounts when suspicious activity is detected or users consistently violate usage policies or platform terms of service.
However, it’s important to remember that these filters are far from perfect. OpenAI, for example, acknowledged this in August 2025 when it stated that safeguards work more reliably in common, short exchanges and can degrade over longer interactions.
Safe chatbot usage involves developing consistent habits that can reduce your exposure. Below are some of the key practices you should follow regardless of which chatbot you use.
As discussed above, the most effective protection is limiting what you put in. Unless you’re using a private-by-design AI chatbot like ExpressAI, assume that anything you type into a chatbot could eventually be seen, stored, or used. That includes names, addresses, contact details, and anything that could be used to identify you or somebody else.3 Habits For Safer Chatbot Use
The terms you agree to when using a chatbot determine how your data is handled. Since many major chatbot platforms use opt-out systems by default, you’re sharing data for model training unless you actively change your settings.
It’s also worth skimming the relevant sections of your chatbot’s privacy policy before regular use, as this will help you know how much of your data is being stored and processed and for how long. Be cautious of any chatbot with a vague or nonexistent privacy policy, as it’s vital to have this information stated clearly to make an informed decision.
Locate the privacy settings in any chatbot you use regularly and understand what you’ve opted into. Opting out of conversation data being used for model training is possible on most platforms but requires navigating menus that many users never open. In some cases, the option won’t be directly labeled as model training; for instance, ChatGPT labels its model training option as “Improve the model for everyone.”
There are also other options like ChatGPT’s Temporary Chat, in which your conversation doesn’t get stored and isn’t used to train the model. However, even this mode has a disclaimer at the bottom stating a copy of your chat may be kept for up to 30 days for safety reasons.
Beyond individual risk, there are broader ethical questions about how AI is built and governed that affect every user.
Transparency is one of the biggest challenges in AI. AI systems make decisions or generate outputs in ways that are generally difficult for users to understand. A chatbot might summarize medical information, a hiring tool might rank job applicants, or a recommendation system might decide what content someone sees next, but the reasoning behind those results is often unclear.
This lack of visibility can make it harder to spot errors, bias, or manipulation. Users may not know what data was used to train a system, whether their own information is being collected, or whether an answer is based on reliable sources.
Another major ethical concern is accountability. When an AI system makes a mistake, it is not always obvious who is responsible: the developer, the company using it, the organization that supplied the data, or the person who relied on its output.
This matters because AI is increasingly being used in areas where mistakes can affect people’s rights, opportunities, safety, or finances. Human oversight helps reduce this risk, but the pressure to make AI systems profitable can conflict with the need for careful human oversight. Companies may be incentivized to automate decisions quickly, reduce staffing costs, or scale systems without adding the slower, more expensive layer of human review.
Accountability also means having clear ways to challenge or appeal AI-assisted decisions. Users should not be left with an automated outcome they cannot question, understand, or correct.
Training and running advanced AI systems can require significant computing power. This consumes energy and may increase demand for data centers, cooling systems, and specialized hardware. While AI can also help improve efficiency in some industries, its environmental cost should not be ignored.
Companies developing AI are under growing pressure to measure and reduce the energy and resource demands of their systems. This can include using more efficient models, improving data center sustainability, and being transparent about environmental impact.
Building ethical AI means going beyond legal compliance and embedding safety, transparency, and privacy into the design of these systems from the ground up.
As AI is becoming more prevalent, frameworks have emerged to guide responsible development. A key example of this is the National Institute of Standards and Technology (NIST) AI Risk Management Framework, which provides organizations with a structured approach to identify, measure, and manage risks throughout the system’s entire lifecycle.
A noteworthy part of this framework is its section on AI Risks and Trustworthiness, which defines trustworthy AI as that which helps safeguard human identity, includes concerns for quality and equity, is accountable and transparent, is secure against adverse events, and should not lead to a state in which human life, health, property, or the environment is endangered.
A key improvement in AI technologies is the advent of privacy-preserving AI technologies, which aim to provide users with reliable AI chatbots without exposing their data. One example of this is ExpressAI. ExpressAI has a privacy-first architecture that uses zero-knowledge end-to-end encryption (E2EE) to ensure only users can see their own data, and no conversations, prompts, or files are ever used for training models.
To add further confidence, ExpressAI has been independently audited by cybersecurity firm Cure53, which involved a full source code review, penetration testing, and analysis of its cryptography, key management, and the infrastructure supporting it. The audit concluded that ExpressAI meets all stated privacy objectives.

FAQ: Common questions about chatbot safety

Can a chatbot be hacked?

Yes, and there have been large-scale incidents before demonstrating this, such as the breach of the McHire AI app that leaked the data of millions of job applicants.

Should businesses let employees use AI chatbots?

Businesses should establish clear policies before allowing chatbot use in the workplace. Shadow AI, which is when employees use unsanctioned AI tools, has led to confidential company information being exposed. A clear internal policy combined with approved tools that meet corporate security requirements is the best path.

What should you check before using a new chatbot?

When picking a chatbot, it’s important to choose an option that uses encryption to safeguard user chats, is compliant with key regulations, has a clear privacy policy, and offers the option to opt out of model training.

Is it safer to use paid chatbots than free ones?

Not necessarily: while enterprise and business plans for chatbots typically offer a safer environment where internal company data is protected, the paid plans for individuals rarely have these protections in place. If you value privacy, it’s worth picking a solution that’s built for this purpose from the ground up. ExpressAI, for instance, has a zero-knowledge architecture that ensures no one but you can access or view your data. Additionally, it never uses your chats, prompts, or files for training purposes.

Can deleted chatbot conversations still be stored?

Yes, they can. OpenAI, for example, states that it retains data for 30 days after deletion, so deletion from the user interface doesn’t necessarily mean your conversations are removed from the company’s servers.

Take the first step to protect yourself online. Try ExpressVPN risk-free.
Kate Davidson
Kate Davidson is an editor at the ExpressVPN Blog. She brings many years of international experience as a journalist and communications professional. Kate has a track record of creating quality, user-centric content and a passion for cybersecurity and online privacy. She prides herself on making complex technical topics come alive for all kinds of readers. In her spare time, Kate enjoys spending time with her family, working on her crochet skills, and exploring scenic walking trails with a good podcast at hand.
Get the latest in privacy news, tips, tricks, and security guides to level-up your digital security.
Protect your online privacy and security
Get the latest in privacy news, tips, tricks, and security guides to level-up your digital security.
© 2026 ExpressVPN. All rights reserved.
One subscription gives you access to a fast-growing suite of privacy and security tools that work seamlessly together to improve your digital life.
ExpressVPN Industry-leading, ultra-fast VPN with secure servers in 105 countries.
ExpressMailGuard Private email relay service to protect your inbox and identity.
ExpressKeys Secure password management, multi-factor authentication, and more.
ExpressAI The first consumer AI powered by confidential computing for privacy-led intelligence.
Identity Defender Powerful suite of ID protection, monitoring, and data removal tools
Other products from the family behind ExpressVPN
holiday.com eSIM Unlimited data with a single eSIM across 150+ destinations.
Intego Award-winning macOS antivirus, firewall, system tools, and more.
ExpressVPN for Teams Get fast, secure VPN protection for growing teams. Easy to deploy, simple to manage, built to scale.

source

Scroll to Top